Information Security News
by Cyrus Farivar
Two major supermarket chains announced that their customers' credit card information may have been stolen during a network intrusion.
SuperValu, the Minnesota parent company of Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save, and Shoppers Food and Pharmacy, announced that 180 stores in North Carolina, Maryland, Virginia, Illinois, Missouri, North Dakota, and Minnesota were affected.
"The Company has not determined that any such cardholder data was in fact stolen by the intruder, and it has no evidence of any misuse of any such data, but is making this announcement out of an abundance of caution," SuperValu said in a statement Friday.
by Sean Gallagher
On August 7, as Def Con was kicking off far below in the bowels of the Rio Hotel’s convention center in Las Vegas, I was ushered into a suite on the 19th floor to see a man who has one of the most high-profile security gigs in the industry: Joe Sullivan, Facebook’s chief security officer. An acquisition of a security startup company announced that same day and a huge internal investment in security technology development have created a software security giant that has but one paying customer—Facebook itself. Sullivan explained the PrivateCore deal as an investment in Facebook’s future—especially when viewed within the context of the company’s Internet.org effort to bring affordable Internet access (and Facebook) to the still-unwired parts of the planet. “PrivateCore is a perfect fit for the future of Facebook,” Sullivan told Ars.
The technology PrivateCore is developing, vCage, is a virtual “cage” in the telecom industry’s usage of the word. It is software that is intended to continuously assure that the servers it protects have not had their software tampered with or been exploited by malware. It also prevents physical access to the data running on the server, just as a locked cage in a colocation facility would.
The software integrates with OpenStack private cloud infrastructure to continuously monitor virtual machines, encrypt what’s stored in memory, and provide additional layers of security to reduce the probability of an outside attacker gaining access to virtual servers through malware or exploits of their Web servers and operating systems. If the “attestation” system detects a change that would indicate that a server has been exploited, it shuts it down and re-provisions another server elsewhere. Sullivan explained that the technology is seen as key to Facebook’s strategy for Internet.org because it will allow the company to put servers in places outside the highly secure (and expensive) data centers it operates in developed countries.
Posted by InfoSec News on Aug 15 http://www.theage.com.au/it-pro/security-it/australian-teen-uncovers-security-flaw-in-paypal-20140815-1044cx.html
Posted by InfoSec News on Aug 15 http://www.bloomberg.com/news/2014-08-15/supervalu-says-hackers-may-have-stolen-u-s-shoppers-card-data.html?
Posted by InfoSec News on Aug 15 http://www.telegraph.co.uk/news/worldnews/middleeast/israel/11034421/Gaza-and-Crimea-conflicts-could-have-been-predicted-by-monitoring-cyber-attacks.html
Posted by InfoSec News on Aug 15 http://www.nextgov.com/cio-briefing/2014/08/irs-gave-sensitive-data-convict-sentenced-21-years/91478/
Posted by InfoSec News on Aug 15 http://www.computerworld.com/s/article/9250388/Ferguson_s_tiny_IT_operation_in_the_maelstrom
Who needs hackers? 'Password1' opens a third of all biz doors
Hundreds of thousands of hashed corporate passwords have been cracked within minutes by penetration testers using graphics processing units. The 626,718 passwords were harvested during penetration tests over the last two years conducted across ...